May 2019 - ongoing
3 software developers
React, React Native, Nest, Redux-Saga, React-Admin
VerifiID’s goal was to develop a mobile app that could be used for age verification instead of government-issued identification such as a driving license or passport. The app doesn’t store the users’ personal data, but rather encrypts the information for easy access whenever the user needs to provide proof of age.
One of the requirements of the app was to be able to accurately compare the image from the user’s physical ID document with the uploaded selfie. The VerifiID mobile app needed to be integrated with the chosen service providers which would ensure the accurate reading of facial biometric data.
The challenge was how to register the biometric data of the users within the system without actually storing sensitive data. The goal was to only require users to register once without having to confirm their age within the app multiple times.
The security concerns were addressed by reducing the amount of data transferred over the network. The users’ personal information is encoded into a PKI certificate that is saved directly to the user’s phone. Any time a user needs to provide proof of age, the app generates a short-lived code that is cryptographically derived from the user’s certificate.
Since the user’s data is stored on their phone, not in the network, the user loses access to their account if their phone is lost or stolen. No one else has access to the user’s personal data, since it’s fully encrypted. The key isn’t saved anywhere else, so the only thing that can be done is to reset the hash of the document within the database.
The solution for a user in this situation is to send an email request to reset the personal document, so it can be used again with a new device and registration.
React Native was chosen due to its multiplatform nature and its ability to support both systems. React-Admin served as a framework and proved to be a great solution for the admin panel. It was a standardized solution to problems with creating and modifying data within the app.
AWS cloud and the Cognito service were used to manage the users in the web version that the verifiers, such as bar owners, can use. This simplified the user authentication and verification processes. AWS SNS was used to send SMS codes and AWS CloudWatch was used for collecting logs and metrics.
NestJS made it easy to build the back-end of the application. It automated and simplified a lot of processes.
One of the advantages of the app is its lack of a server, which was achieved by using the serverless deployment function in AWS Lambda. It’s one thing less to worry about, especially when dealing with sensitive user data, not to mention having a server would be an additional expense to maintain.
Docker was used for the web app development and back-end, while AWS S3 supports the file upload of ID pictures and selfies.
Rumble Fish are incredibly easy to communicate with and have actively advised and solved many problems we faced. This in turn has subsequently resulted in a much better end product which we are absolutely delighted about. Rumble Fish’s technical expertise and willingness to adapt to our changing needs has helped to add so much value to our project. Professional from the outset, if you want to turn an idea into reality, their team will make it happen. I would highly recommend their services, I wouldn’t take our project anywhere else.